CVE-2017-8849

HIGH

Smb4k < 2.0.0 - Improper Input Validation

Title source: rule

Description

smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.

Exploits (1)

exploitdb WORKING POC

by Stealth · clocallinux

https://www.exploit-db.com/exploits/42053

View Code ZIP pw:eip

References (10)

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3951

[Exploit, Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/05/10/3

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98690

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98737

[Issue Tracking, Patch, Third Party Advisory, VDB Entry] https://bugzilla.redhat.com/show_bug.cgi?id=1449656

[Patch, Third Party Advisory] https://cgit.kde.org/smb4k.git/commit/?id=71554140bdaede27b95dbe4c9b5a028a83c83cce

[Patch, Third Party Advisory] https://cgit.kde.org/smb4k.git/commit/?id=a90289b0962663bc1d247bbbd31b9e65b2ca000e

[Third Party Advisory] https://security.gentoo.org/glsa/201705-14

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42053/

[Third Party Advisory] https://www.kde.org/info/security/advisory-20170510-2.txt

Scores

CVSS v3 7.8

EPSS 0.0024

EPSS Percentile 47.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (2)

debian/debian_linux 8.0

smb4k_project/smb4k < 2.0.0

Published May 17, 2017

Tracked Since Feb 18, 2026